A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Hashes; Smothered and Scattered: Modern Password Cracking as a Methodology - Lee Wangenheim & Joshua Platz GrrCON 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Hashes; Smothered and Scattered: Modern Password Cracking as a Methodology
Lee Wangenheim & Joshua Platz
GrrCON 2019

With the explosion of GPU enabled processing power password cracking has long grown beyond the standard wordlist. New tools and techniques are being used in order to effectively and efficiently crack passwords that just a few years ago would have be unfathomable. Just recently we build what we believe to be the world?s first Terahashing(one trillion attempts per second) distributed password cracking rig which could crack any 8 character password in under 2 hours. People often ask us, what is the best way to crack this hash, and the truth is it really depends. Let us introduce some of the more modern and best ways to attack passwords by analyzing the language structures and character patterns of passwords, as well as developing custom rules and rule chains to maximize effort. Password cracking is one of those things that has been around for a long time, however people often do not associate a methodology behind it and consider it just a tool. Our presentation has a large amount of content to cover within a 50-minute window, therefore our demos are light and quick showing the different tools built for cracking locally, in the cloud, or in a distributed environment. We feel that by passing along the knowledge of the ins and outs of the tools will be more valuable than having people watch us crack passwords on the screen. The slide decks can be made available to participants and contains sample commands for them to try out each technique we present. Key Topics: Password Cracking as a Methodology Types of attacks (Wordlist/Rules/Masks/Hybrid/Passphrase/Linguistic) Common Pitfalls Utilizing Cloud Systems for Password Cracking Distributed Cracking Solutions The various levels of threat actors and resources (from newbs to state actors) Wordlists Vs Password Dumps

Back to GrrCON 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast